Botan 3.5.0
Crypto and TLS for C&
Botan::XMSS_Parameters Class Reference

#include <xmss_parameters.h>

Public Types

enum  xmss_algorithm_t {
  XMSS_SHA2_10_256 = 0x00000001 , XMSS_SHA2_16_256 = 0x00000002 , XMSS_SHA2_20_256 = 0x00000003 , XMSS_SHA2_10_512 = 0x00000004 ,
  XMSS_SHA2_16_512 = 0x00000005 , XMSS_SHA2_20_512 = 0x00000006 , XMSS_SHAKE_10_256 = 0x00000007 , XMSS_SHAKE_16_256 = 0x00000008 ,
  XMSS_SHAKE_20_256 = 0x00000009 , XMSS_SHAKE_10_512 = 0x0000000a , XMSS_SHAKE_16_512 = 0x0000000b , XMSS_SHAKE_20_512 = 0x0000000c ,
  XMSS_SHA2_10_192 = 0x0000000d , XMSS_SHA2_16_192 = 0x0000000e , XMSS_SHA2_20_192 = 0x0000000f , XMSS_SHAKE256_10_256 = 0x00000010 ,
  XMSS_SHAKE256_16_256 = 0x00000011 , XMSS_SHAKE256_20_256 = 0x00000012 , XMSS_SHAKE256_10_192 = 0x00000013 , XMSS_SHAKE256_16_192 = 0x00000014 ,
  XMSS_SHAKE256_20_192 = 0x00000015
}
 

Public Member Functions

size_t element_size () const
 
size_t estimated_strength () const
 
const std::string & hash_function_name () const
 
size_t hash_id_size () const
 
size_t len () const
 
const std::string & name () const
 
xmss_algorithm_t oid () const
 
bool operator== (const XMSS_Parameters &p) const
 
XMSS_WOTS_Parameters::ots_algorithm_t ots_oid () const
 
size_t raw_legacy_private_key_size () const
 
size_t raw_private_key_size () const
 
size_t raw_public_key_size () const
 
size_t total_number_of_signatures () const
 
size_t tree_height () const
 
size_t wots_parameter () const
 
 XMSS_Parameters (std::string_view algo_name)
 
 XMSS_Parameters (xmss_algorithm_t oid)
 

Static Public Member Functions

static xmss_algorithm_t xmss_id_from_string (std::string_view algo_name)
 

Detailed Description

Descibes a signature method for XMSS, as defined in: [1] XMSS: Extended Hash-Based Signatures, Request for Comments: 8391 Release: May 2018. https://datatracker.ietf.org/doc/rfc8391/ [2] Recommendation for Stateful Hash-Based Signature Schemes NIST Special Publication 800-208 Release: October 2020. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf

Definition at line 129 of file xmss_parameters.h.

Member Enumeration Documentation

◆ xmss_algorithm_t

Enumerator
XMSS_SHA2_10_256 
XMSS_SHA2_16_256 
XMSS_SHA2_20_256 
XMSS_SHA2_10_512 
XMSS_SHA2_16_512 
XMSS_SHA2_20_512 
XMSS_SHAKE_10_256 
XMSS_SHAKE_16_256 
XMSS_SHAKE_20_256 
XMSS_SHAKE_10_512 
XMSS_SHAKE_16_512 
XMSS_SHAKE_20_512 
XMSS_SHA2_10_192 
XMSS_SHA2_16_192 
XMSS_SHA2_20_192 
XMSS_SHAKE256_10_256 
XMSS_SHAKE256_16_256 
XMSS_SHAKE256_20_256 
XMSS_SHAKE256_10_192 
XMSS_SHAKE256_16_192 
XMSS_SHAKE256_20_192 

Definition at line 131 of file xmss_parameters.h.

131 {
132 // from RFC 8391
133 XMSS_SHA2_10_256 = 0x00000001,
134 XMSS_SHA2_16_256 = 0x00000002,
135 XMSS_SHA2_20_256 = 0x00000003,
136
137 // from RFC 8391 but not approved by NIST SP.800-208
138 // (see footnote on page 16)
139 XMSS_SHA2_10_512 = 0x00000004,
140 XMSS_SHA2_16_512 = 0x00000005,
141 XMSS_SHA2_20_512 = 0x00000006,
142 XMSS_SHAKE_10_256 = 0x00000007,
143 XMSS_SHAKE_16_256 = 0x00000008,
144 XMSS_SHAKE_20_256 = 0x00000009,
145 XMSS_SHAKE_10_512 = 0x0000000a,
146 XMSS_SHAKE_16_512 = 0x0000000b,
147 XMSS_SHAKE_20_512 = 0x0000000c,
148
149 // from NIST SP.800-208
150 XMSS_SHA2_10_192 = 0x0000000d,
151 XMSS_SHA2_16_192 = 0x0000000e,
152 XMSS_SHA2_20_192 = 0x0000000f,
153 XMSS_SHAKE256_10_256 = 0x00000010,
154 XMSS_SHAKE256_16_256 = 0x00000011,
155 XMSS_SHAKE256_20_256 = 0x00000012,
156 XMSS_SHAKE256_10_192 = 0x00000013,
157 XMSS_SHAKE256_16_192 = 0x00000014,
158 XMSS_SHAKE256_20_192 = 0x00000015,
159 };

Constructor & Destructor Documentation

◆ XMSS_Parameters() [1/2]

Botan::XMSS_Parameters::XMSS_Parameters ( std::string_view algo_name)
explicit

Definition at line 89 of file xmss_parameters.cpp.

89 :
static xmss_algorithm_t xmss_id_from_string(std::string_view algo_name)
XMSS_Parameters(std::string_view algo_name)

◆ XMSS_Parameters() [2/2]

Botan::XMSS_Parameters::XMSS_Parameters ( xmss_algorithm_t oid)
explicit

Definition at line 92 of file xmss_parameters.cpp.

92 : m_oid(oid) {
93 switch(oid) {
95 m_element_size = 32;
96 m_hash_id_size = 32;
97 m_w = 16;
98 m_len = 67;
99 m_tree_height = 10;
100 m_name = "XMSS-SHA2_10_256";
101 m_hash_name = "SHA-256";
102 m_strength = 256;
104 break;
105 case XMSS_SHA2_16_256:
106 m_element_size = 32;
107 m_hash_id_size = 32;
108 m_w = 16;
109 m_len = 67;
110 m_tree_height = 16;
111 m_name = "XMSS-SHA2_16_256";
112 m_hash_name = "SHA-256";
113 m_strength = 256;
115 break;
116 case XMSS_SHA2_20_256:
117 m_element_size = 32;
118 m_hash_id_size = 32;
119 m_w = 16;
120 m_len = 67;
121 m_tree_height = 20;
122 m_name = "XMSS-SHA2_20_256";
123 m_hash_name = "SHA-256";
124 m_strength = 256;
126 break;
127 case XMSS_SHA2_10_512:
128 m_element_size = 64;
129 m_hash_id_size = 64;
130 m_w = 16;
131 m_len = 131;
132 m_tree_height = 10;
133 m_name = "XMSS-SHA2_10_512";
134 m_hash_name = "SHA-512";
135 m_strength = 512;
137 break;
138 case XMSS_SHA2_16_512:
139 m_element_size = 64;
140 m_hash_id_size = 64;
141 m_w = 16;
142 m_len = 131;
143 m_tree_height = 16;
144 m_name = "XMSS-SHA2_16_512";
145 m_hash_name = "SHA-512";
146 m_strength = 512;
148 break;
149 case XMSS_SHA2_20_512:
150 m_element_size = 64;
151 m_hash_id_size = 64;
152 m_w = 16;
153 m_len = 131;
154 m_tree_height = 20;
155 m_name = "XMSS-SHA2_20_512";
156 m_hash_name = "SHA-512";
157 m_strength = 512;
159 break;
161 m_element_size = 32;
162 m_hash_id_size = 32;
163 m_w = 16;
164 m_len = 67;
165 m_tree_height = 10;
166 m_name = "XMSS-SHAKE_10_256";
167 m_hash_name = "SHAKE-128(256)";
168 m_strength = 256;
170 break;
172 m_element_size = 32;
173 m_hash_id_size = 32;
174 m_w = 16;
175 m_len = 67;
176 m_tree_height = 16;
177 m_name = "XMSS-SHAKE_16_256";
178 m_hash_name = "SHAKE-128(256)";
179 m_strength = 256;
181 break;
183 m_element_size = 32;
184 m_hash_id_size = 32;
185 m_w = 16;
186 m_len = 67;
187 m_tree_height = 20;
188 m_name = "XMSS-SHAKE_20_256";
189 m_hash_name = "SHAKE-128(256)";
190 m_strength = 256;
192 break;
194 m_element_size = 64;
195 m_hash_id_size = 64;
196 m_w = 16;
197 m_len = 131;
198 m_tree_height = 10;
199 m_name = "XMSS-SHAKE_10_512";
200 m_hash_name = "SHAKE-256(512)";
201 m_strength = 512;
203 break;
205 m_element_size = 64;
206 m_hash_id_size = 64;
207 m_w = 16;
208 m_len = 131;
209 m_tree_height = 16;
210 m_name = "XMSS-SHAKE_16_512";
211 m_hash_name = "SHAKE-256(512)";
212 m_strength = 512;
214 break;
216 m_element_size = 64;
217 m_hash_id_size = 64;
218 m_w = 16;
219 m_len = 131;
220 m_tree_height = 20;
221 m_name = "XMSS-SHAKE_20_512";
222 m_hash_name = "SHAKE-256(512)";
223 m_strength = 512;
225 break;
226 case XMSS_SHA2_10_192:
227 m_element_size = 24;
228 m_hash_id_size = 4;
229 m_w = 16;
230 m_len = 51;
231 m_tree_height = 10;
232 m_name = "XMSS-SHA2_10_192";
233 m_hash_name = "Truncated(SHA-256,192)";
234 m_strength = 192;
236 break;
237 case XMSS_SHA2_16_192:
238 m_element_size = 24;
239 m_hash_id_size = 4;
240 m_w = 16;
241 m_len = 51;
242 m_tree_height = 16;
243 m_name = "XMSS-SHA2_16_192";
244 m_hash_name = "Truncated(SHA-256,192)";
245 m_strength = 192;
247 break;
248 case XMSS_SHA2_20_192:
249 m_element_size = 24;
250 m_hash_id_size = 4;
251 m_w = 16;
252 m_len = 51;
253 m_tree_height = 20;
254 m_name = "XMSS-SHA2_20_192";
255 m_hash_name = "Truncated(SHA-256,192)";
256 m_strength = 192;
258 break;
260 m_element_size = 32;
261 m_hash_id_size = 32;
262 m_w = 16;
263 m_len = 67;
264 m_tree_height = 10;
265 m_name = "XMSS-SHAKE256_10_256";
266 m_hash_name = "SHAKE-256(256)";
267 m_strength = 256;
269 break;
271 m_element_size = 32;
272 m_hash_id_size = 32;
273 m_w = 16;
274 m_len = 67;
275 m_tree_height = 16;
276 m_name = "XMSS-SHAKE256_16_256";
277 m_hash_name = "SHAKE-256(256)";
278 m_strength = 256;
280 break;
282 m_element_size = 32;
283 m_hash_id_size = 32;
284 m_w = 16;
285 m_len = 67;
286 m_tree_height = 20;
287 m_name = "XMSS-SHAKE256_20_256";
288 m_hash_name = "SHAKE-256(256)";
289 m_strength = 256;
291 break;
293 m_element_size = 24;
294 m_hash_id_size = 4;
295 m_w = 16;
296 m_len = 51;
297 m_tree_height = 10;
298 m_name = "XMSS-SHAKE256_10_192";
299 m_hash_name = "SHAKE-256(192)";
300 m_strength = 192;
302 break;
304 m_element_size = 24;
305 m_hash_id_size = 4;
306 m_w = 16;
307 m_len = 51;
308 m_tree_height = 16;
309 m_name = "XMSS-SHAKE256_16_192";
310 m_hash_name = "SHAKE-256(192)";
311 m_strength = 192;
313 break;
315 m_element_size = 24;
316 m_hash_id_size = 4;
317 m_w = 16;
318 m_len = 51;
319 m_tree_height = 20;
320 m_name = "XMSS-SHAKE256_20_192";
321 m_hash_name = "SHAKE-256(192)";
322 m_strength = 192;
324 break;
325
326 default:
327 throw Not_Implemented("Algorithm id does not match any known XMSS algorithm id:" + std::to_string(oid));
328 }
329}
xmss_algorithm_t oid() const

References oid(), Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_192, Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_256, Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_512, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_192, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_256, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_512, XMSS_SHA2_10_192, XMSS_SHA2_10_256, XMSS_SHA2_10_512, XMSS_SHA2_16_192, XMSS_SHA2_16_256, XMSS_SHA2_16_512, XMSS_SHA2_20_192, XMSS_SHA2_20_256, XMSS_SHA2_20_512, XMSS_SHAKE256_10_192, XMSS_SHAKE256_10_256, XMSS_SHAKE256_16_192, XMSS_SHAKE256_16_256, XMSS_SHAKE256_20_192, XMSS_SHAKE256_20_256, XMSS_SHAKE_10_256, XMSS_SHAKE_10_512, XMSS_SHAKE_16_256, XMSS_SHAKE_16_512, XMSS_SHAKE_20_256, and XMSS_SHAKE_20_512.

Member Function Documentation

◆ element_size()

size_t Botan::XMSS_Parameters::element_size ( ) const
inline

Retrieves the uniform length of a message, and the size of each node. This correlates to XMSS parameter "n" defined in [1].

Returns
element length in bytes.

Definition at line 180 of file xmss_parameters.h.

180{ return m_element_size; }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::XMSS_Signature_Operation::signature_length(), Botan::XMSS_PrivateKey::XMSS_PrivateKey(), Botan::XMSS_PublicKey::XMSS_PublicKey(), Botan::XMSS_PublicKey::XMSS_PublicKey(), and Botan::XMSS_Signature::XMSS_Signature().

◆ estimated_strength()

size_t Botan::XMSS_Parameters::estimated_strength ( ) const
inline

Returns the estimated pre-quantum security level of the chosen algorithm.

Definition at line 220 of file xmss_parameters.h.

220{ return m_strength; }

◆ hash_function_name()

const std::string & Botan::XMSS_Parameters::hash_function_name ( ) const
inline

Definition at line 171 of file xmss_parameters.h.

171{ return m_hash_name; }

Referenced by Botan::XMSS_Hash::XMSS_Hash().

◆ hash_id_size()

size_t Botan::XMSS_Parameters::hash_id_size ( ) const
inline

Retrieves the length of the hash identifier (domain separator) in bytes. See definition of toByte() in RFC 8391 Section 2.4 and the concrete definitions of hash functions in Section 5.1 where this parameter is always equal to the output length of the underlying hash primitive. Also see NIST SP.800-208 where instantiations utilizing truncated hashes use shorter hash IDs.

Definition at line 190 of file xmss_parameters.h.

190{ return m_hash_id_size; }

◆ len()

size_t Botan::XMSS_Parameters::len ( ) const
inline

Definition at line 210 of file xmss_parameters.h.

210{ return m_len; }

Referenced by Botan::XMSS_Common_Ops::create_l_tree(), and Botan::XMSS_Signature::XMSS_Signature().

◆ name()

const std::string & Botan::XMSS_Parameters::name ( ) const
inline
Returns
XMSS registry name for the chosen parameter set.

Definition at line 169 of file xmss_parameters.h.

169{ return m_name; }

◆ oid()

◆ operator==()

bool Botan::XMSS_Parameters::operator== ( const XMSS_Parameters & p) const
inline

Definition at line 232 of file xmss_parameters.h.

232{ return m_oid == p.m_oid; }

◆ ots_oid()

XMSS_WOTS_Parameters::ots_algorithm_t Botan::XMSS_Parameters::ots_oid ( ) const
inline

Definition at line 214 of file xmss_parameters.h.

214{ return m_wots_oid; }

◆ raw_legacy_private_key_size()

size_t Botan::XMSS_Parameters::raw_legacy_private_key_size ( ) const
inline

Definition at line 224 of file xmss_parameters.h.

224 {
225 return raw_public_key_size() + sizeof(uint32_t) + 2 * element_size();
226 }
size_t raw_public_key_size() const
size_t element_size() const

◆ raw_private_key_size()

size_t Botan::XMSS_Parameters::raw_private_key_size ( ) const
inline

Definition at line 228 of file xmss_parameters.h.

228 {
229 return raw_legacy_private_key_size() + 1 /* identifier for WOTS+ key derivation method */;
230 }
size_t raw_legacy_private_key_size() const

◆ raw_public_key_size()

size_t Botan::XMSS_Parameters::raw_public_key_size ( ) const
inline

Definition at line 222 of file xmss_parameters.h.

222{ return sizeof(uint32_t) + 2 * element_size(); }

Referenced by Botan::XMSS_PublicKey::XMSS_PublicKey().

◆ total_number_of_signatures()

size_t Botan::XMSS_Parameters::total_number_of_signatures ( ) const
inline
Returns
total number of signatures allowed for this XMSS instance

Definition at line 200 of file xmss_parameters.h.

200{ return size_t(1) << tree_height(); }

Referenced by Botan::XMSS_Signature::XMSS_Signature().

◆ tree_height()

size_t Botan::XMSS_Parameters::tree_height ( ) const
inline
Returns
The height (number of levels - 1) of the tree

Definition at line 195 of file xmss_parameters.h.

195{ return m_tree_height; }

Referenced by Botan::XMSS_Signature::XMSS_Signature().

◆ wots_parameter()

size_t Botan::XMSS_Parameters::wots_parameter ( ) const
inline

The Winternitz parameter.

Returns
numeric base used for internal representation of data.

Definition at line 208 of file xmss_parameters.h.

208{ return m_w; }

◆ xmss_id_from_string()

XMSS_Parameters::xmss_algorithm_t Botan::XMSS_Parameters::xmss_id_from_string ( std::string_view algo_name)
static

Definition at line 21 of file xmss_parameters.cpp.

21 {
22 if(param_set == "XMSS-SHA2_10_256") {
23 return XMSS_SHA2_10_256;
24 }
25 if(param_set == "XMSS-SHA2_16_256") {
26 return XMSS_SHA2_16_256;
27 }
28 if(param_set == "XMSS-SHA2_20_256") {
29 return XMSS_SHA2_20_256;
30 }
31 if(param_set == "XMSS-SHA2_10_512") {
32 return XMSS_SHA2_10_512;
33 }
34 if(param_set == "XMSS-SHA2_16_512") {
35 return XMSS_SHA2_16_512;
36 }
37 if(param_set == "XMSS-SHA2_20_512") {
38 return XMSS_SHA2_20_512;
39 }
40 if(param_set == "XMSS-SHAKE_10_256") {
41 return XMSS_SHAKE_10_256;
42 }
43 if(param_set == "XMSS-SHAKE_16_256") {
44 return XMSS_SHAKE_16_256;
45 }
46 if(param_set == "XMSS-SHAKE_20_256") {
47 return XMSS_SHAKE_20_256;
48 }
49 if(param_set == "XMSS-SHAKE_10_512") {
50 return XMSS_SHAKE_10_512;
51 }
52 if(param_set == "XMSS-SHAKE_16_512") {
53 return XMSS_SHAKE_16_512;
54 }
55 if(param_set == "XMSS-SHAKE_20_512") {
56 return XMSS_SHAKE_20_512;
57 }
58 if(param_set == "XMSS-SHA2_10_192") {
59 return XMSS_SHA2_10_192;
60 }
61 if(param_set == "XMSS-SHA2_16_192") {
62 return XMSS_SHA2_16_192;
63 }
64 if(param_set == "XMSS-SHA2_20_192") {
65 return XMSS_SHA2_20_192;
66 }
67 if(param_set == "XMSS-SHAKE256_10_256") {
69 }
70 if(param_set == "XMSS-SHAKE256_16_256") {
72 }
73 if(param_set == "XMSS-SHAKE256_20_256") {
75 }
76 if(param_set == "XMSS-SHAKE256_10_192") {
78 }
79 if(param_set == "XMSS-SHAKE256_16_192") {
81 }
82 if(param_set == "XMSS-SHAKE256_20_192") {
84 }
85
86 throw Lookup_Error(fmt("Unknown XMSS algorithm param '{}'", param_set));
87}
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::fmt(), XMSS_SHA2_10_192, XMSS_SHA2_10_256, XMSS_SHA2_10_512, XMSS_SHA2_16_192, XMSS_SHA2_16_256, XMSS_SHA2_16_512, XMSS_SHA2_20_192, XMSS_SHA2_20_256, XMSS_SHA2_20_512, XMSS_SHAKE256_10_192, XMSS_SHAKE256_10_256, XMSS_SHAKE256_16_192, XMSS_SHAKE256_16_256, XMSS_SHAKE256_20_192, XMSS_SHAKE256_20_256, XMSS_SHAKE_10_256, XMSS_SHAKE_10_512, XMSS_SHAKE_16_256, XMSS_SHAKE_16_512, XMSS_SHAKE_20_256, and XMSS_SHAKE_20_512.


The documentation for this class was generated from the following files: